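<?php
    require 'login.php';

    // Handler for the "Modifica" (edit) form: replaces the body of one post.
    // $error is tested further down the page with if(!$error), so it is
    // initialised here instead of being left undefined until a query fails.
    $error = 0;

    if (isset($_POST['Modifica'])) {
        $post = cleanNumber($_POST['Post']);
        $corpo = cleanString($_POST['Corpo'], 2000, '<img>');

        // Ownership is re-checked on the write path. The form is only rendered
        // for the author (inside the edit window) or an admin, but a POST can be
        // sent without ever loading the form, so the same rule must hold here.
        $qry = "SELECT Autore, Data FROM Posts WHERE Id = '".$post."'";
        $res = mysql_query($qry);
        $riga = $res ? mysql_fetch_assoc($res) : false;

        // NOTE(review): assumes login.php has started the session.
        $utente = isset($_SESSION['Utente']) ? $_SESSION['Utente'] : null;
        $admin = isset($_SESSION['Status']) && (string) $_SESSION['Status'] === 'admin';
        // Same window as the display path: the post date must be later than
        // "now minus 5h10m" in server local time (presumably a timezone offset
        // plus a 10-minute edit window — confirm against the original design).
        $limite = date("Y-m-d H:i:s", mktime(date("H") - 5, date("i") - 10, date("s"), date("m"), date("d"), date("Y")));
        $proprietario = $riga
            && $utente !== null
            && (string) $riga['Autore'] === (string) $utente
            && strcmp($limite, $riga['Data']) < 0;

        if ($riga && ($proprietario || $admin)) {
            // Data is no longer taken from the request: the hidden field only
            // echoed the stored value back, and concatenating it unescaped was
            // an SQL injection point. The stored date is left untouched.
            $qry = "UPDATE Posts SET Corpo = '".$corpo."' WHERE Id = '".$post."';";
            $check = mysql_query($qry) or $error = 1;
        } else {
            // Unknown post or caller not allowed to edit it.
            $error = 1;
        }
    }
?>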
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
    <?php
        // generico.php presumably defines the genera*() page helpers used below.
        include 'generico.php';
        generaHead();
    ?>
    <body>
        <div id="container">
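        <?php
            generaHeader();
            generaMenusx();
            generaMenuLogin();
            echo '<div id="Content">';

            // $error may have been set by the POST handler at the top of the page;
            // make sure it exists before it is tested below.
            if (!isset($error)) {
                $error = 0;
            }

            if (isset($_GET['p']) && isset($_GET['action'])) {
                $postid = cleanNumber($_GET['p']);
                $action = cleanSimpleString($_GET['action'], 30);
                $qry = "SELECT Corpo, Autore, Data, Thread FROM Posts WHERE Id = '".$postid."'";
                $post = mysql_query($qry) or $error = 1;
                if (!$error) {
                    // false when no row matches; handled like an unauthorised access.
                    $post = mysql_fetch_assoc($post);

                    // NOTE(review): assumes login.php has started the session.
                    $utente = isset($_SESSION['Utente']) ? $_SESSION['Utente'] : null;
                    $admin = isset($_SESSION['Status']) && (string) $_SESSION['Status'] === 'admin';
                    // Edit window: the post date must be later than "now minus 5h10m"
                    // in server local time (presumably a timezone offset plus a
                    // 10-minute grace period — confirm against the original design).
                    $limite = date("Y-m-d H:i:s", mktime(date("H") - 5, date("i") - 10, date("s"), date("m"), date("d"), date("Y")));
                    $proprietario = $post
                        && $utente !== null
                        && (string) $post['Autore'] === (string) $utente
                        && strcmp($limite, $post['Data']) < 0;

                    if ($post && ($proprietario || $admin)) {
                        if ($action == 'modifica') {
                            // Every value echoed into the form is HTML-escaped: body and
                            // date come from the database, PHP_SELF from the request path.
                            $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
                            $corpoHtml = htmlspecialchars($post['Corpo'], ENT_QUOTES, 'UTF-8');
                            $dataHtml = htmlspecialchars($post['Data'], ENT_QUOTES, 'UTF-8');
                            echo '
                                <form name="Invia" method="post" action="'.$self.'?ok=1">
                                <fieldset><legend>Modifica post</legend>
                                    <p class="titolo">Modifica il corpo del post</p>
                                    <input type="hidden" value="'.$postid.'" name="Post">
                                    <input type="hidden" value="'.$dataHtml.'" name="Data">
                                    <div>
                                    <label for="Corpo">Post</label>
                                    <textarea rows=20 cols=40 class="Corpo" id="Corpo" name="Corpo">'.$corpoHtml.'</textarea>
                                    </div>
                                </fieldset>
                                <div >
                                <p id="go">
                                <input type="submit" value="Modifica" name="Modifica" id="Modifica">
                                </p>
                                </div>
                                </form>
                            ';
                        } //Modifica
                        if ($action == 'cancella') {
                            // NOTE(review): deletion is triggered by a plain GET link with no
                            // anti-CSRF token, so a logged-in author can be made to delete a
                            // post by following a crafted link. Moving this to a POST with a
                            // token also needs changes in the pages that emit the link.
                            $qry = "DELETE FROM Posts WHERE Id = '".$postid."';";
                            $check = mysql_query($qry);
                            // Keep the thread's cached post counter in sync.
                            $qry = "SELECT NumeroPost FROM Threads WHERE Id = '".$post['Thread']."'";
                            $check = mysql_query($qry);
                            $numero = $check ? mysql_fetch_assoc($check) : false;
                            $conteggio = $numero ? $numero['NumeroPost'] - 1 : 0;
                            $qry = "UPDATE Threads SET NumeroPost = '".$conteggio."' WHERE Id = '".$post['Thread']."'";
                            $check = mysql_query($qry);
                            $qry = "SELECT Titolo FROM Threads WHERE Id = '".$post['Thread']."';";
                            $thread = mysql_query($qry);
                            $thread = $thread ? mysql_fetch_assoc($thread) : false;
                            $titolo = $thread ? htmlspecialchars($thread['Titolo'], ENT_QUOTES, 'UTF-8') : '';
                            echo '<p>Post eliminato</p>
                                <p><a href="thread.php?t='.htmlspecialchars($post['Thread'], ENT_QUOTES, 'UTF-8').'">Torna a '.$titolo.'</a></p>';
                        }
                    } else {
                        // Previously this branch printed nothing, leaving an empty page
                        // for an unauthorised (or unknown) post.
                        echo '<p>Non sei autorizzato a modificare questo post</p>';
                    }
                }
            } elseif (!empty($_GET['ok'])) {
                // Landing page after the edit form was submitted. The post id comes
                // from the POST body and is cleaned like in the handler above; it
                // used to be interpolated raw into the query.
                $postid = isset($_POST['Post']) ? cleanNumber($_POST['Post']) : '';
                if ($error) {
                    echo '<p>Modifica non riuscita</p>';
                } else {
                    $qry = "SELECT Thread FROM Posts WHERE Id ='".$postid."';";
                    $nome = mysql_query($qry);
                    $nome = $nome ? mysql_fetch_assoc($nome) : false;
                    $threadId = $nome ? $nome['Thread'] : '';
                    $qry = "SELECT Titolo FROM Threads WHERE Id = '".$threadId."';";
                    $thread = mysql_query($qry);
                    $thread = $thread ? mysql_fetch_assoc($thread) : false;
                    $titolo = $thread ? htmlspecialchars($thread['Titolo'], ENT_QUOTES, 'UTF-8') : '';
                    echo '<p>Post modificato</p><p><a href="thread.php?t='.htmlspecialchars($threadId, ENT_QUOTES, 'UTF-8').'"> Torna a '.$titolo.'</a></p>';
                }
            } else {
                echo '<p>Non sei autorizzato a modificare questo post</p>';
            }

            echo '</div>';

            generaFooter();
        ?>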
        </div>
    </body>
</html>
